I have a site that's coded mainly in PHP, but I'm trying to rewrite my dynamic php URL's into static HTML URL's.
But I want the address bar to still remain as the static HTML link.
I'm trying to accomplish this through .htaccess (I have no access to httpd.conf as I'm hosted on a shared account). Here is what's written in my .httaccess file:
Options +FollowSymLinks
RewriteEngine on
RewriteBase /
RewriteRule ^inventory-search-([^.]+)-by-([^.]+).html$ http://www.pianostudiosandshowcase.com/inventory.php?search=$1&by=$2 [R]
But I can't get the address bar to remain as the static HTML link.
Here is a link to show you what I mean:
http://www.pianostudiosandshowcase.com/inventory.php?search=manufacturer&by=1
What am I missing?
You need to remove both the R flag in your rewrite rule as well as the protocol/domain name:
RewriteRule ^inventory-search-([^.]+)-by-([^.]+).html$ /inventory.php?search=$1&by=$2 [L]
Both will cause the server to externally redirect the browser, telling it "what you were looking for is not at that URL, you need to go to this entirely different URL". The forces the browser to display the new location in its address bar.
If you internally rewrite it, the browser has no idea the URI that it sent as a request had been changed, therefore the address bar remains unchanged.
Related
i'm trying to achieve the following:
I have domain.it and domain.fr
domain.it contains a website localized in multiple languages, so for example if you go to www.domain.it/fr/somecontent.php it shows that content in french language. This works. This website is hosted on a dedicated server.
In domain.fr i have an empty space with only an .htaccess. What i want is that when the user go to www.domain.fr/somecontent.php the browser shows the content from www.domain.it/fr/somecontent.php but keeping www.domain.fr/somecontent.php in the URL. So basically www.domain.fr/* should show the content from www.domain.it/fr/* but keeping www.domain.fr/* in the browser address bar.
Using an iframe is not an option because is not good for the SEO.
I'm using the following code inside the .htaccess on domain.fr (which is hosted on an OVH shared hosting):
Options +FollowSymLinks
RewriteEngine On
RewriteCond %{HTTP_HOST} ^www.domain.fr$
RewriteRule ^(.*) https://www.domain.it/fr/$1 [P]
But when i open www.domain.fr or www.domain.fr/somecontent.php in the browser it says "Forbidden: You don't have permission to access /somecontent.php on this server."
Instead, if i place [L] or [L,R=302] in place of the [P] in the last line of .htaccess, it correctly redirect to the www.domain.it/fr/somecontent.php showing it contents, but it shows the destination url (the it domain) in the browser bar.
So i think the rules are correct, but for some reason when i use the [P] flag which as far as i know is needed to mask the url, it doesn't work.
Have you any clues ?
Thank you!
My goal is to reduce the visibility of my app's signature. This is not security by obscurity, just a superficial bit of defence in depth, so that at first glance an attacker cannot tell if it is a static site or not. (Also cosmetic; it just feels "cleaner" to hide app details even if they would never become visible in normal operation). Therefore I want to deny access to some directories without revealing that they exist, so I must give the exact same 404 response my app would give if the user requested a non-existent page.
In an .htaccess file, I have the following:
RewriteEngine on
RewriteCond "%{REQUEST_FILENAME}" "!-f"
RewriteCond "%{REQUEST_FILENAME}" "!-d"
RewriteRule "^(.*)" "index.php?page=$1"
RewriteRule "^(secret_dir1|secret_dir2)(/.*)?$" "index.php?page=404"
where index.php renders a nice pretty webpage according to the value of the "page" GET parameter; if "page" does not correspond to a page at the app level, or "page" is set to 404, the script renders a pretty 404 page with proper headers and everything.
Here's where the problem happens. "App-level" 404s work as expected; a 404 page is rendered. However, if the user requests mydomain.com/dir_i_am_trying_to_hide, they are given a 301 redirect to mydomain.com/dir_i_am_trying_to_hide/?page=404: an external redirect instead of an internal rewrite.
Why is it sending out an external redirect instead of just rewriting the url? How am I supposed to avoid this properly? Barring that, is there a way to force the server to do an internal rewrite instead? (The Apache docs seem to indicate you can force a RewriteRule to be external, but not the other way around)
Turns out my rewrite rule was not causing the external redirect; Apache's DirectorySlash was; I would query hostname/secret_dir1 and it would send a redirect to hostname/secret_dir1/.
I'm not sure why the query string was changed, but adding DirectorySlash off fixed it.
I'm using .htaccess for URL redirection as below:
RewriteEngine On
RewriteRule ^x.php$ /y.php
Can the user know some how (even using some advanced tools) that the page was actually served from y.php instead of x.php?
Thanks
On my website, I would rename the URL on address bar, from
domain.com/economy/article.php?id=00
to
domain.com/economy/id-name-article.html
I wrote this .htaccess file:
RewriteEngine On
RewriteRule ^([0-9]+)-([^\.]*)\.html$ http://domain.com/economy/article.php?id=$1 [L]
I have an anchor with this href: href="economy/id-name-article.html" and when I click on it, the server is redirected on article.php, it runs the script in the correct way and I can view the article, but on the address bar is still written domain.com/economy/article.php?id=00 instead domain.com/economy/id-name-article.html. Why?
This happens only on my online server, while locally it's all right.
The mod_rewrite module is issuing a redirect to your browser rather than transparently rewriting the url, causing you to see the new url in your browser.
Try removing the http://domain.com portion from your RewriteRule to see if it avoids the redirect to your browser by changing the rule to:
RewriteRule ^([0-9]+)-([^\.]*)\.html$ /economy/article.php?id=$1 [L]
If that fails, you could also use the proxy flag [P] to force apache to transparently fetch the page and return it to your users without the redirect. I don't recommend this approach since it can have security implications but it should work if the above doesn't.
EDIT: To clarify, rewriting the url with a fully-qualified domain rather than a relative uri tells apache that the redirect is on a different server, and therefore it doesn't know that the new url is accessible on the same host without redirecting the client.
Cannot seem to get a mod_rewrite to work. We have a domain name that has already been printed here, there and everywhere when the website was Flash. It has a # in its trail /#login.php and we want so that when people put this in it redirects them to /login.php. I have already tried this rule but can't get it to work:
RewriteEngine On
RewriteRule ^/#login.php$ /login.php
I have also checked that the rewrite engine is working by using a redirect to google. Just need the out of date #login.php to go to the new login.php
thanks
The # in the URL (or "fragment") is not sent to the server, it's purely for the client side to point to some part of the page. If you see http://hostname.com/#login.php in your address bar, the only thing the server gets is a request for /. You may need to employ some javascript on the page to look at the browser's address bar to find a fragment and maybe send that to the server as a query string.
Try :
RewriteEngine On
RewriteBase /
RewriteRule ^#login\.php$ /login.php [QSA,L]
Mod_rewrite is enabled ? available ?